AWS::NetworkFirewall::RuleGroup StatefulRuleOptions - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::NetworkFirewall::RuleGroup StatefulRuleOptions

Additional options governing how Network Firewall handles the rule group. You can only use these for stateful rule groups.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "RuleOrder" : String
}

YAML

  RuleOrder: String

Properties

RuleOrder

Indicates how to manage the order of the rule evaluation for the rule group. DEFAULT_ACTION_ORDER is the default behavior. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more information, see Evaluation order for stateful rules in the Amazon Network Firewall Developer Guide.

Required: No

Type: String

Allowed values: DEFAULT_ACTION_ORDER | STRICT_ORDER

Update requires: No interruption